[erlang-bugs] Re: PATCH - public_key should handle unknown attribute types

Dan Gudmundsson <>
Mon Jul 6 11:05:49 CEST 2009


Thanks applied.
/Dan

Will wrote:
> Odd, gmail clearly shows the diff attached, but it doesn't seem to
> have made it through the mailing list processing. Here's an inline
> copy...
> 
> On Sat, Jul 4, 2009 at 11:01 AM, Will<> wrote:
>> Hi,
>>
>> SSL handshaking with new_ssl will fail when a certificate contains
>> attributes unknown to the public_key module. Here is a patch that
>> leaves the attribute value encoded when its type is unknown.
>>
>> -Will
>>
> 
> diff -r 80795205fd0a src/pubkey_cert_records.erl
> --- a/src/pubkey_cert_records.erl	Sat Jul 04 10:44:41 2009 -0700
> +++ b/src/pubkey_cert_records.erl	Sat Jul 04 10:51:40 2009 -0700
> @@ -187,8 +187,11 @@
>  	      end, Exts).
> 
>  transform(#'AttributeTypeAndValue'{type=Id,value=Value0} = ATAV, Func) ->
> -    Type = attribute_type(Id),
> -    {ok, Value} = 'OTP-PUB-KEY':Func(Type, Value0),
> +    {ok, Value} =
> +        case attribute_type(Id) of
> +            Type when is_atom(Type) -> 'OTP-PUB-KEY':Func(Type, Value0);
> +            _UnknownType            -> {ok, Value0}
> +        end,
>      ATAV#'AttributeTypeAndValue'{value=Value};
>  transform(AKI = #'AuthorityKeyIdentifier'{authorityCertIssuer=ACI},Func) ->
>      AKI#'AuthorityKeyIdentifier'{authorityCertIssuer=transform(ACI,Func)};
> @@ -231,7 +234,8 @@
>  attribute_type(?'id-at-serialNumber') -> 'X520SerialNumber';
>  attribute_type(?'id-at-pseudonym') -> 'X520Pseudonym';
>  attribute_type(?'id-domainComponent') -> 'DomainComponent';
> -attribute_type(?'id-emailAddress') -> 'EmailAddress'.
> +attribute_type(?'id-emailAddress') -> 'EmailAddress';
> +attribute_type(Type) -> Type.
> 
>  %%% Old code transforms
> 
> ________________________________________________________________
> erlang-bugs mailing list. See http://www.erlang.org/faq.html
> erlang-bugs (at) erlang.org
> 


More information about the erlang-patches mailing list